Any ways to get authorization cookies without redirection to IS4

[vlapenkov]

WHAT ALREADY DONE
I have one mvc app, one identity server and many webapis.
For internal users i used hybrid flow with response_type='code id_token'.

When mvc app sees [Authorize] attribute, it redirects the user to login form on identity server, then user post his credentials and cookies with id_token and access_token are sent to browser. It works good.

WHAT IS NEEDED
For external users network administrators disallow to redirect to the identity server as it is inside intranet.

I see how to bypass this problem through the following way:

1. When mvc app sees [Authorize] attribute, it shows login form.
2. When user post his credentials to this form, browser or MVC somehow passes it to IS4.
3. IS4 authenticates user and returns all needed cookies with tokens to access mvc and web apis.

Please tell if this is possible , or there is workaround to archive this behavior.
Thank you in advance!

[leastprivilege]

No this is not how it works.

You can achieve 2) via the passwort grant. But this will not give you SSO and is discouraged.

Long story short - IdentityServer should be accessible by all users that need to use it.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.